openldap 0.0.1pre11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gemtest +0 -0
- data/History.md +4 -0
- data/Manifest.txt +20 -0
- data/README.md +100 -0
- data/Rakefile +152 -0
- data/Roadmap.md +55 -0
- data/ext/connection.c +1125 -0
- data/ext/extconf.rb +24 -0
- data/ext/openldap.c +558 -0
- data/ext/openldap.h +91 -0
- data/lib/openldap.rb +102 -0
- data/lib/openldap/connection.rb +179 -0
- data/lib/openldap/exceptions.rb +246 -0
- data/lib/openldap/mixins.rb +65 -0
- data/lib/openldap/utils.rb +123 -0
- data/spec/lib/constants.rb +29 -0
- data/spec/lib/helpers.rb +128 -0
- data/spec/openldap/connection_spec.rb +190 -0
- data/spec/openldap/exceptions_spec.rb +46 -0
- data/spec/openldap_spec.rb +83 -0
- data/test.conf-example +2 -0
- metadata +181 -0
data/ext/openldap.h
ADDED
@@ -0,0 +1,91 @@
|
|
1
|
+
/*
|
2
|
+
* Header for openldap.c
|
3
|
+
*/
|
4
|
+
|
5
|
+
#ifndef __OPENLDAP_H__
|
6
|
+
#define __OPENLDAP_H__
|
7
|
+
|
8
|
+
#include <stdio.h>
|
9
|
+
#include <math.h>
|
10
|
+
#include <string.h>
|
11
|
+
#include <inttypes.h>
|
12
|
+
#include <assert.h>
|
13
|
+
|
14
|
+
#include <ldap.h>
|
15
|
+
|
16
|
+
#include <ruby.h>
|
17
|
+
|
18
|
+
#include "extconf.h"
|
19
|
+
|
20
|
+
/* --------------------------------------------------------------
|
21
|
+
* Globals
|
22
|
+
* -------------------------------------------------------------- */
|
23
|
+
|
24
|
+
/* Reference to the URI module */
|
25
|
+
extern VALUE ropenldap_rbmURI;
|
26
|
+
|
27
|
+
extern VALUE ropenldap_mOpenLDAP;
|
28
|
+
extern VALUE ropenldap_mOpenLDAPLoggable;
|
29
|
+
|
30
|
+
extern VALUE ropenldap_cOpenLDAPConnection;
|
31
|
+
|
32
|
+
extern VALUE ropenldap_eOpenLDAPError;
|
33
|
+
|
34
|
+
|
35
|
+
/* --------------------------------------------------------------
|
36
|
+
* Typedefs
|
37
|
+
* -------------------------------------------------------------- */
|
38
|
+
|
39
|
+
/* OpenLDAP::Connection struct */
|
40
|
+
struct ropenldap_connection {
|
41
|
+
LDAP *ldap;
|
42
|
+
VALUE connection;
|
43
|
+
};
|
44
|
+
|
45
|
+
|
46
|
+
/* --------------------------------------------------------------
|
47
|
+
* Macros
|
48
|
+
* -------------------------------------------------------------- */
|
49
|
+
#define IsConnection( obj ) rb_obj_is_kind_of( (obj), ropenldap_cOpenLDAPConnection )
|
50
|
+
|
51
|
+
#ifdef UNUSED
|
52
|
+
#elif defined(__GNUC__)
|
53
|
+
# define UNUSED(x) UNUSED_ ## x __attribute__((unused))
|
54
|
+
#elif defined(__LCLINT__)
|
55
|
+
# define UNUSED(x) /*@unused@*/ x
|
56
|
+
#else
|
57
|
+
# define UNUSED(x) x
|
58
|
+
#endif
|
59
|
+
|
60
|
+
|
61
|
+
/* --------------------------------------------------------------
|
62
|
+
* Declarations
|
63
|
+
* -------------------------------------------------------------- */
|
64
|
+
|
65
|
+
#ifdef HAVE_STDARG_PROTOTYPES
|
66
|
+
#include <stdarg.h>
|
67
|
+
#define va_init_list(a,b) va_start(a,b)
|
68
|
+
void ropenldap_log_obj( VALUE, const char *, const char *, ... );
|
69
|
+
void ropenldap_log( const char *, const char *, ... );
|
70
|
+
void ropenldap_check_result( int, const char *, ... );
|
71
|
+
#else
|
72
|
+
#include <varargs.h>
|
73
|
+
#define va_init_list(a,b) va_start(a)
|
74
|
+
void ropenldap_log_obj( VALUE, const char *, const char *, va_dcl );
|
75
|
+
void ropenldap_log( const char *, const char *, va_dcl );
|
76
|
+
void ropenldap_check_result( int, va_dcl );
|
77
|
+
#endif
|
78
|
+
|
79
|
+
VALUE ropenldap_rb_string_array _(( char ** ));
|
80
|
+
|
81
|
+
|
82
|
+
/* --------------------------------------------------------------
|
83
|
+
* Initializers
|
84
|
+
* -------------------------------------------------------------- */
|
85
|
+
|
86
|
+
void Init_openldap_ext _(( void ));
|
87
|
+
void ropenldap_init_connection _(( void ));
|
88
|
+
|
89
|
+
|
90
|
+
#endif /* __OPENLDAP_H__ */
|
91
|
+
|
data/lib/openldap.rb
ADDED
@@ -0,0 +1,102 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
# The namespace for OpenLDAP classes.
|
4
|
+
#
|
5
|
+
# == Authors
|
6
|
+
#
|
7
|
+
# * Michael Granger <ged@FaerieMUD.org>
|
8
|
+
#
|
9
|
+
module OpenLDAP
|
10
|
+
|
11
|
+
# Library version constant
|
12
|
+
VERSION = '0.0.1'
|
13
|
+
|
14
|
+
# Version-control revision constant
|
15
|
+
REVISION = %q$Revision: 8fbea29a30e3 $
|
16
|
+
|
17
|
+
require 'openldap/utils'
|
18
|
+
|
19
|
+
### Logging
|
20
|
+
|
21
|
+
# Log levels
|
22
|
+
LOG_LEVELS = {
|
23
|
+
'debug' => Logger::DEBUG,
|
24
|
+
'info' => Logger::INFO,
|
25
|
+
'warn' => Logger::WARN,
|
26
|
+
'error' => Logger::ERROR,
|
27
|
+
'fatal' => Logger::FATAL,
|
28
|
+
}.freeze
|
29
|
+
LOG_LEVEL_NAMES = LOG_LEVELS.invert.freeze
|
30
|
+
|
31
|
+
@default_logger = Logger.new( $stderr )
|
32
|
+
@default_logger.level = $DEBUG ? Logger::DEBUG : Logger::WARN
|
33
|
+
|
34
|
+
@default_log_formatter = OpenLDAP::LogFormatter.new( @default_logger )
|
35
|
+
@default_logger.formatter = @default_log_formatter
|
36
|
+
|
37
|
+
@logger = @default_logger
|
38
|
+
|
39
|
+
|
40
|
+
class << self
|
41
|
+
# The log formatter that will be used when the logging subsystem is reset
|
42
|
+
attr_accessor :default_log_formatter
|
43
|
+
|
44
|
+
# the logger that will be used when the logging subsystem is reset
|
45
|
+
attr_accessor :default_logger
|
46
|
+
|
47
|
+
# the logger that's currently in effect
|
48
|
+
attr_accessor :logger
|
49
|
+
alias_method :log, :logger
|
50
|
+
alias_method :log=, :logger=
|
51
|
+
end
|
52
|
+
|
53
|
+
|
54
|
+
### Reset the global logger object to the default
|
55
|
+
def self::reset_logger
|
56
|
+
self.logger = self.default_logger
|
57
|
+
self.logger.level = Logger::WARN
|
58
|
+
self.logger.formatter = self.default_log_formatter
|
59
|
+
end
|
60
|
+
|
61
|
+
|
62
|
+
### Returns +true+ if the global logger has not been set to something other than
|
63
|
+
### the default one.
|
64
|
+
def self::using_default_logger?
|
65
|
+
return self.logger == self.default_logger
|
66
|
+
end
|
67
|
+
|
68
|
+
|
69
|
+
### Get the library version.
|
70
|
+
def self::version_string( include_buildnum=false )
|
71
|
+
vstring = "%s %s" % [ self.name, VERSION ]
|
72
|
+
vstring << " (build %s)" % [ REVISION[/: ([[:xdigit:]]+)/, 1] || '0' ] if include_buildnum
|
73
|
+
return vstring
|
74
|
+
end
|
75
|
+
|
76
|
+
### Load the extension
|
77
|
+
begin
|
78
|
+
require 'openldap_ext'
|
79
|
+
rescue LoadError => err
|
80
|
+
# If it's a Windows binary gem, try the <major>.<minor> subdirectory
|
81
|
+
if RUBY_PLATFORM =~/(mswin|mingw)/i
|
82
|
+
major_minor = RUBY_VERSION[ /^(\d+\.\d+)/ ] or
|
83
|
+
raise "Oops, can't extract the major/minor version from #{RUBY_VERSION.dump}"
|
84
|
+
require "#{major_minor}/openldap_ext"
|
85
|
+
else
|
86
|
+
raise
|
87
|
+
end
|
88
|
+
|
89
|
+
end
|
90
|
+
|
91
|
+
# Load the remaining Ruby parts of the library
|
92
|
+
require 'openldap/exceptions'
|
93
|
+
|
94
|
+
end # module OpenLDAP
|
95
|
+
|
96
|
+
|
97
|
+
# Allow some backward-compatibility with ruby-ldap
|
98
|
+
unless defined?( ::LDAP )
|
99
|
+
::LDAP = ::OpenLDAP
|
100
|
+
end
|
101
|
+
|
102
|
+
|
@@ -0,0 +1,179 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require 'uri'
|
4
|
+
require 'openldap' unless defined?( OpenLDAP )
|
5
|
+
|
6
|
+
# OpenLDAP Connection class
|
7
|
+
class OpenLDAP::Connection
|
8
|
+
|
9
|
+
# Default options for new OpenLDAP::Connections.
|
10
|
+
DEFAULT_OPTIONS = {
|
11
|
+
:protocol_version => 3,
|
12
|
+
}
|
13
|
+
|
14
|
+
# Default TLS options to set before STARTTLS
|
15
|
+
DEFAULT_TLS_OPTIONS = {}
|
16
|
+
|
17
|
+
# Mapping of names of TLS peer certificate-checking strategies into Fixnum values used by
|
18
|
+
# the underlying library.
|
19
|
+
TLS_REQUIRE_CERT_STRATEGIES = {
|
20
|
+
:never => OpenLDAP::LDAP_OPT_X_TLS_NEVER,
|
21
|
+
:hard => OpenLDAP::LDAP_OPT_X_TLS_HARD,
|
22
|
+
:demand => OpenLDAP::LDAP_OPT_X_TLS_DEMAND,
|
23
|
+
:allow => OpenLDAP::LDAP_OPT_X_TLS_ALLOW,
|
24
|
+
:try => OpenLDAP::LDAP_OPT_X_TLS_TRY
|
25
|
+
}
|
26
|
+
|
27
|
+
# Inverse of TLS_REQUIRE_CERT_STRATEGIES
|
28
|
+
TLS_REQUIRE_CERT_STRATEGY_NAMES = TLS_REQUIRE_CERT_STRATEGIES.invert
|
29
|
+
|
30
|
+
# Mapping of names of TLS CRL evaluation strategies into Fixnum values used by
|
31
|
+
# the underlying library.
|
32
|
+
TLS_CRL_CHECK_STRATEGIES = {
|
33
|
+
:none => OpenLDAP::LDAP_OPT_X_TLS_CRL_NONE,
|
34
|
+
:peer => OpenLDAP::LDAP_OPT_X_TLS_CRL_PEER,
|
35
|
+
:all => OpenLDAP::LDAP_OPT_X_TLS_CRL_ALL
|
36
|
+
}
|
37
|
+
|
38
|
+
# Inverse of TLS_CRL_CHECK_STRATEGIES
|
39
|
+
TLS_CRL_CHECK_STRATEGY_NAMES = TLS_CRL_CHECK_STRATEGIES.invert
|
40
|
+
|
41
|
+
|
42
|
+
### Create a new OpenLDAP::Connection object that will attempt to connect to one of the
|
43
|
+
### specified +urls+ in order.
|
44
|
+
def initialize( *urls )
|
45
|
+
options = if urls.last.is_a?( Hash ) then urls.pop else {} end
|
46
|
+
options = DEFAULT_OPTIONS.merge( options )
|
47
|
+
|
48
|
+
url_strings = urls.map( &self.method(:simplify_url) )
|
49
|
+
self._initialize( url_strings )
|
50
|
+
|
51
|
+
# Set options
|
52
|
+
options.each do |opt, val|
|
53
|
+
case opt
|
54
|
+
when :timeout
|
55
|
+
self.network_timeout = Float( val )
|
56
|
+
else
|
57
|
+
if self.respond_to?( "#{opt}=" )
|
58
|
+
self.send( "#{opt}=", val )
|
59
|
+
else
|
60
|
+
self.log.info "Unknown option %p: ignoring" % [ opt ]
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
|
67
|
+
######
|
68
|
+
public
|
69
|
+
######
|
70
|
+
|
71
|
+
### Initiate TLS processing on the LDAP session. If called without a block, the call returns
|
72
|
+
### when TLS handlers have been installed. If called with the block, the call runs asyncronously
|
73
|
+
### and calls the block when TLS is installed. If there is an error, or TLS is already set up on
|
74
|
+
### the connection, an appropriate OpenLDAP::Error is raised.
|
75
|
+
###
|
76
|
+
### conn.start_tls( :tls_require_cert => :try )
|
77
|
+
###
|
78
|
+
def start_tls( options=DEFAULT_TLS_OPTIONS )
|
79
|
+
options.each do |opt, val|
|
80
|
+
if opt.to_s.index( 'tls_' ) != 0
|
81
|
+
self.log.info "Skipping non-TLS option: %p" % [ opt ]
|
82
|
+
next
|
83
|
+
end
|
84
|
+
|
85
|
+
self.send( "#{opt}=", val )
|
86
|
+
end
|
87
|
+
|
88
|
+
self._start_tls
|
89
|
+
end
|
90
|
+
|
91
|
+
|
92
|
+
### Get the current peer certificate-checking strategy (a Symbol). See #tls_require_cert=
|
93
|
+
### for a list of the valid return values and what they mean.
|
94
|
+
def tls_require_cert
|
95
|
+
sym = TLS_REQUIRE_CERT_STRATEGY_NAMES[ self._tls_require_cert ] or
|
96
|
+
raise IndexError, "unknown TLS certificate-checking strategy %p" %
|
97
|
+
[self._tls_require_cert]
|
98
|
+
return sym
|
99
|
+
end
|
100
|
+
|
101
|
+
|
102
|
+
### Set the current peer certificate-checking +strategy+ (a Symbol). One of:
|
103
|
+
###
|
104
|
+
### [:never] This is the default. The library will not ask the peer for a certificate.
|
105
|
+
### [:allow] The peer certificate is requested. If no certificate is provided, the session
|
106
|
+
### proceeds normally. If a bad certificate is provided, it will be ignored and the
|
107
|
+
### session proceeds normally.
|
108
|
+
### [:try] The peer certificate is requested. If no certificate is provided, the session
|
109
|
+
### proceeds normally. If a bad certificate is provided, the session is immediately
|
110
|
+
### terminated.
|
111
|
+
### [:demand] The peer certificate is requested. If no certificate is provided, or a bad
|
112
|
+
### certificate is provided, the session is immediately terminated.
|
113
|
+
###
|
114
|
+
### Note that a valid client certificate is required in order to use the SASL EXTERNAL
|
115
|
+
### authentication mechanism with a TLS session. As such, a non-default
|
116
|
+
### setting must be chosen to enable SASL EXTERNAL authentication.
|
117
|
+
def tls_require_cert=( strategy )
|
118
|
+
numeric_opt = TLS_REQUIRE_CERT_STRATEGIES[ strategy ] or
|
119
|
+
raise IndexError, "unknown TLS certificate-checking strategy %p" % [strategy]
|
120
|
+
self._tls_require_cert=( numeric_opt )
|
121
|
+
end
|
122
|
+
|
123
|
+
|
124
|
+
### Get the current CRL check strategy (a Symbol). See #tls_crlcheck=
|
125
|
+
### for a list of the valid return values and what they mean.
|
126
|
+
def tls_crlcheck
|
127
|
+
sym = TLS_CRL_CHECK_STRATEGY_NAMES[ self._tls_crlcheck ] or
|
128
|
+
raise IndexError, "unknown TLS CRL evaluation strategy %p" % [self._tls_crlcheck]
|
129
|
+
return sym
|
130
|
+
end
|
131
|
+
|
132
|
+
|
133
|
+
### Specify if the Certificate Revocation List (CRL) of the CA should be used to check
|
134
|
+
### if the client certificates have been revoked or not. This option is ignored with GNUtls.
|
135
|
+
### +strategy+ can be specified as one of the following:
|
136
|
+
###
|
137
|
+
### [:none] No CRL checks are performed
|
138
|
+
### [:peer] Check the CRL of the peer certificate
|
139
|
+
### [:all] Check the CRL for a whole certificate chain
|
140
|
+
###
|
141
|
+
### If this is set to +:peer+ or +:all+, #tls_cacertdir also needs to be set.
|
142
|
+
def tls_crlcheck=( strategy )
|
143
|
+
numeric_opt = TLS_CRL_CHECK_STRATEGIES[ strategy ] or
|
144
|
+
raise IndexError, "unknown TLS CRL evaluation strategy %p" % [strategy]
|
145
|
+
self._tls_crlcheck=( numeric_opt )
|
146
|
+
end
|
147
|
+
|
148
|
+
|
149
|
+
### Fetch an IO object wrapped around the file descriptor the library is using to
|
150
|
+
### communicate with the directory. Returns +nil+ if the connection hasn't yet
|
151
|
+
### been established.
|
152
|
+
def socket
|
153
|
+
unless @socket
|
154
|
+
fd = self.fdno or return nil
|
155
|
+
@socket = IO.for_fd( fd, "rb:ascii-8bit" )
|
156
|
+
@socket.autoclose = false
|
157
|
+
@socket.close_on_exec = false
|
158
|
+
end
|
159
|
+
|
160
|
+
return @socket
|
161
|
+
end
|
162
|
+
|
163
|
+
|
164
|
+
#######
|
165
|
+
private
|
166
|
+
#######
|
167
|
+
|
168
|
+
### Strip all but the schema, host, and port from the given +url+ and return it as a
|
169
|
+
### String.
|
170
|
+
def simplify_url( url )
|
171
|
+
url = URI( url ) unless url.is_a?( URI )
|
172
|
+
simpleurl = URI::Generic.build( :scheme => url.scheme, :host => url.host, :port => url.port )
|
173
|
+
self.log.info "Simplified URL %s to: %s" % [ url, simpleurl ]
|
174
|
+
|
175
|
+
return simpleurl.to_s
|
176
|
+
end
|
177
|
+
|
178
|
+
end # class OpenLDAP::Connection
|
179
|
+
|
@@ -0,0 +1,246 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require 'openldap' unless defined?( OpenLDAP )
|
4
|
+
|
5
|
+
|
6
|
+
module OpenLDAP
|
7
|
+
|
8
|
+
# A map of result codes to the corresponding exception class
|
9
|
+
RESULT_EXCEPTION_CLASS = {}
|
10
|
+
|
11
|
+
# The base class for all OpenLDAP exceptions
|
12
|
+
#
|
13
|
+
# The exception class hierarchy follows the error constants specified by the OpenLDAP
|
14
|
+
# client library, and looks like this:
|
15
|
+
#
|
16
|
+
# * OpenLDAP::Error
|
17
|
+
# * Referral
|
18
|
+
# * OperationsError
|
19
|
+
# * ProtocolError
|
20
|
+
# * TimelimitExceeded
|
21
|
+
# * SizelimitExceeded
|
22
|
+
# * CompareFalse
|
23
|
+
# * CompareTrue
|
24
|
+
# * AuthMethodNotSupported
|
25
|
+
# * StrongAuthRequired
|
26
|
+
# * PartialResults
|
27
|
+
# * AdminlimitExceeded
|
28
|
+
# * UnavailableCriticalExtension
|
29
|
+
# * ConfidentialityRequired
|
30
|
+
# * SASLBindInProgress
|
31
|
+
# * AttrError
|
32
|
+
# * NoSuchAttribute
|
33
|
+
# * UndefinedType
|
34
|
+
# * InappropriateMatching
|
35
|
+
# * ConstraintViolation
|
36
|
+
# * TypeOrValueExists
|
37
|
+
# * InvalidSyntax
|
38
|
+
# * NameError
|
39
|
+
# * NoSuchObject
|
40
|
+
# * AliasProblem
|
41
|
+
# * InvalidDNSyntax
|
42
|
+
# * IsLeaf
|
43
|
+
# * AliasDerefProblem
|
44
|
+
# * SecurityError
|
45
|
+
# * XProxyAuthzFailure
|
46
|
+
# * InappropriateAuth
|
47
|
+
# * InvalidCredentials
|
48
|
+
# * InsufficientAccess
|
49
|
+
# * ServiceError
|
50
|
+
# * Busy
|
51
|
+
# * Unavailable
|
52
|
+
# * UnwillingToPerform
|
53
|
+
# * LoopDetect
|
54
|
+
# * UpdateError
|
55
|
+
# * NamingViolation
|
56
|
+
# * ObjectClassViolation
|
57
|
+
# * NotAllowedOnNonleaf
|
58
|
+
# * NotAllowedOnRdn
|
59
|
+
# * AlreadyExists
|
60
|
+
# * NoObjectClassMods
|
61
|
+
# * ResultsTooLarge
|
62
|
+
# * AffectsMultipleDSAs
|
63
|
+
# * VLVError
|
64
|
+
# * OtherError
|
65
|
+
# * APIError
|
66
|
+
# * ServerDown
|
67
|
+
# * LocalError
|
68
|
+
# * EncodingError
|
69
|
+
# * DecodingError
|
70
|
+
# * Timeout
|
71
|
+
# * AuthUnknown
|
72
|
+
# * FilterError
|
73
|
+
# * UserCancelled
|
74
|
+
# * ParamError
|
75
|
+
# * NoMemory
|
76
|
+
# * ConnectError
|
77
|
+
# * NotSupported
|
78
|
+
# * ControlNotFound
|
79
|
+
# * NoResultsReturned
|
80
|
+
# * MoreResultsToReturn
|
81
|
+
# * ClientLoop
|
82
|
+
# * ReferralLimitExceeded
|
83
|
+
# * XConnecting
|
84
|
+
class Error < RuntimeError
|
85
|
+
|
86
|
+
# The result code that corresponds to the exception type
|
87
|
+
@result_code = nil
|
88
|
+
class << self; attr_accessor :result_code; end
|
89
|
+
|
90
|
+
### Inheritance hook -- Initialize the result code class instance variable
|
91
|
+
### for inheriting exception classes.
|
92
|
+
def self::inherited( subclass )
|
93
|
+
subclass.instance_variable_set( :@result_code, nil )
|
94
|
+
end
|
95
|
+
|
96
|
+
### Return the appropriate Exception class for the given +resultcode+.
|
97
|
+
### @param [Integer] resultcode the result code from an ldap_* call.
|
98
|
+
### @return [Class]
|
99
|
+
def self::subclass_for( resultcode )
|
100
|
+
return OpenLDAP::RESULT_EXCEPTION_CLASS[ resultcode ]
|
101
|
+
end
|
102
|
+
|
103
|
+
end # class Error
|
104
|
+
|
105
|
+
|
106
|
+
### Define a new Exception class named +classname+ for the specified +result_code+
|
107
|
+
### and inheriting from +superclass+.
|
108
|
+
def self::def_ldap_exception( classname, result_code, superclass=OpenLDAP::Error )
|
109
|
+
eclass = Class.new( superclass ) do
|
110
|
+
def initialize( message=nil ) # :nodoc:
|
111
|
+
ldapmsg = OpenLDAP.err2string( self.class.result_code )
|
112
|
+
ldapmsg += ': ' + message if message
|
113
|
+
super( ldapmsg )
|
114
|
+
end
|
115
|
+
end
|
116
|
+
eclass.result_code = result_code
|
117
|
+
|
118
|
+
const_set( classname, eclass )
|
119
|
+
RESULT_EXCEPTION_CLASS[ result_code ] = eclass
|
120
|
+
end
|
121
|
+
|
122
|
+
|
123
|
+
# The LDAP referral class -- raised when the target LDAP directory instructs
|
124
|
+
# the client to refer to another directory
|
125
|
+
class Referral < OpenLDAP::Error
|
126
|
+
|
127
|
+
### Create a new referral to the specified +url+.
|
128
|
+
def initialize( url )
|
129
|
+
super( "Referral to #{url}" )
|
130
|
+
@url = url
|
131
|
+
end
|
132
|
+
|
133
|
+
######
|
134
|
+
public
|
135
|
+
######
|
136
|
+
|
137
|
+
# The URL of the directory to refer to
|
138
|
+
attr_reader :url
|
139
|
+
|
140
|
+
end # class Referral
|
141
|
+
|
142
|
+
|
143
|
+
def_ldap_exception :OperationsError, LDAP_OPERATIONS_ERROR
|
144
|
+
def_ldap_exception :ProtocolError, LDAP_PROTOCOL_ERROR
|
145
|
+
def_ldap_exception :TimelimitExceeded, LDAP_TIMELIMIT_EXCEEDED
|
146
|
+
def_ldap_exception :SizelimitExceeded, LDAP_SIZELIMIT_EXCEEDED
|
147
|
+
def_ldap_exception :CompareFalse, LDAP_COMPARE_FALSE
|
148
|
+
def_ldap_exception :CompareTrue, LDAP_COMPARE_TRUE
|
149
|
+
def_ldap_exception :AuthMethodNotSupported, LDAP_AUTH_METHOD_NOT_SUPPORTED
|
150
|
+
def_ldap_exception :StrongAuthRequired, LDAP_STRONG_AUTH_REQUIRED
|
151
|
+
def_ldap_exception :PartialResults, LDAP_PARTIAL_RESULTS
|
152
|
+
def_ldap_exception :AdminlimitExceeded, LDAP_ADMINLIMIT_EXCEEDED
|
153
|
+
def_ldap_exception :UnavailableCriticalExtension, LDAP_UNAVAILABLE_CRITICAL_EXTENSION
|
154
|
+
def_ldap_exception :ConfidentialityRequired, LDAP_CONFIDENTIALITY_REQUIRED
|
155
|
+
def_ldap_exception :SASLBindInProgress, LDAP_SASL_BIND_IN_PROGRESS
|
156
|
+
|
157
|
+
#define LDAP_ATTR_ERROR(n) LDAP_RANGE((n),0x10,0x15) /* 16-21 */
|
158
|
+
class AttrError < OpenLDAP::Error # :nodoc:
|
159
|
+
end
|
160
|
+
|
161
|
+
def_ldap_exception :NoSuchAttribute, LDAP_NO_SUCH_ATTRIBUTE, OpenLDAP::AttrError
|
162
|
+
def_ldap_exception :UndefinedType, LDAP_UNDEFINED_TYPE, OpenLDAP::AttrError
|
163
|
+
def_ldap_exception :InappropriateMatching, LDAP_INAPPROPRIATE_MATCHING, OpenLDAP::AttrError
|
164
|
+
def_ldap_exception :ConstraintViolation, LDAP_CONSTRAINT_VIOLATION, OpenLDAP::AttrError
|
165
|
+
def_ldap_exception :TypeOrValueExists, LDAP_TYPE_OR_VALUE_EXISTS, OpenLDAP::AttrError
|
166
|
+
def_ldap_exception :InvalidSyntax, LDAP_INVALID_SYNTAX, OpenLDAP::AttrError
|
167
|
+
|
168
|
+
#define LDAP_NAME_ERROR(n) LDAP_RANGE((n),0x20,0x24) /* 32-34,36 */
|
169
|
+
class NameError < OpenLDAP::Error # :nodoc:
|
170
|
+
end
|
171
|
+
|
172
|
+
def_ldap_exception :NoSuchObject, LDAP_NO_SUCH_OBJECT, OpenLDAP::NameError
|
173
|
+
def_ldap_exception :AliasProblem, LDAP_ALIAS_PROBLEM, OpenLDAP::NameError
|
174
|
+
def_ldap_exception :InvalidDNSyntax, LDAP_INVALID_DN_SYNTAX, OpenLDAP::NameError
|
175
|
+
def_ldap_exception :IsLeaf, LDAP_IS_LEAF, OpenLDAP::NameError
|
176
|
+
def_ldap_exception :AliasDerefProblem, LDAP_ALIAS_DEREF_PROBLEM, OpenLDAP::NameError
|
177
|
+
|
178
|
+
#define LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),0x2F,0x32) /* 47-50 */
|
179
|
+
class SecurityError < OpenLDAP::Error # :nodoc:
|
180
|
+
end
|
181
|
+
|
182
|
+
def_ldap_exception :XProxyAuthzFailure, LDAP_X_PROXY_AUTHZ_FAILURE, OpenLDAP::SecurityError
|
183
|
+
def_ldap_exception :InappropriateAuth, LDAP_INAPPROPRIATE_AUTH, OpenLDAP::SecurityError
|
184
|
+
def_ldap_exception :InvalidCredentials, LDAP_INVALID_CREDENTIALS, OpenLDAP::SecurityError
|
185
|
+
def_ldap_exception :InsufficientAccess, LDAP_INSUFFICIENT_ACCESS, OpenLDAP::SecurityError
|
186
|
+
|
187
|
+
#define LDAP_SERVICE_ERROR(n) LDAP_RANGE((n),0x33,0x36) /* 51-54 */
|
188
|
+
class ServiceError < OpenLDAP::Error # :nodoc:
|
189
|
+
end
|
190
|
+
|
191
|
+
def_ldap_exception :Busy, LDAP_BUSY, OpenLDAP::ServiceError
|
192
|
+
def_ldap_exception :Unavailable, LDAP_UNAVAILABLE, OpenLDAP::ServiceError
|
193
|
+
def_ldap_exception :UnwillingToPerform, LDAP_UNWILLING_TO_PERFORM, OpenLDAP::ServiceError
|
194
|
+
def_ldap_exception :LoopDetect, LDAP_LOOP_DETECT, OpenLDAP::ServiceError
|
195
|
+
|
196
|
+
#define LDAP_UPDATE_ERROR(n) LDAP_RANGE((n),0x40,0x47) /* 64-69,71 */
|
197
|
+
class UpdateError < OpenLDAP::Error # :nodoc:
|
198
|
+
end
|
199
|
+
|
200
|
+
def_ldap_exception :NamingViolation, LDAP_NAMING_VIOLATION, OpenLDAP::UpdateError
|
201
|
+
def_ldap_exception :ObjectClassViolation, LDAP_OBJECT_CLASS_VIOLATION, OpenLDAP::UpdateError
|
202
|
+
def_ldap_exception :NotAllowedOnNonleaf, LDAP_NOT_ALLOWED_ON_NONLEAF, OpenLDAP::UpdateError
|
203
|
+
def_ldap_exception :NotAllowedOnRdn, LDAP_NOT_ALLOWED_ON_RDN, OpenLDAP::UpdateError
|
204
|
+
def_ldap_exception :AlreadyExists, LDAP_ALREADY_EXISTS, OpenLDAP::UpdateError
|
205
|
+
def_ldap_exception :NoObjectClassMods, LDAP_NO_OBJECT_CLASS_MODS, OpenLDAP::UpdateError
|
206
|
+
def_ldap_exception :ResultsTooLarge, LDAP_RESULTS_TOO_LARGE, OpenLDAP::UpdateError
|
207
|
+
def_ldap_exception :AffectsMultipleDSAs, LDAP_AFFECTS_MULTIPLE_DSAS, OpenLDAP::UpdateError
|
208
|
+
|
209
|
+
def_ldap_exception :VLVError, LDAP_VLV_ERROR if defined?( OpenLDAP::LDAP_VLV_ERROR )
|
210
|
+
|
211
|
+
# Implementation-specific errors
|
212
|
+
class OtherError < OpenLDAP::Error # :nodoc:
|
213
|
+
end
|
214
|
+
RESULT_EXCEPTION_CLASS.default = OpenLDAP::OtherError
|
215
|
+
|
216
|
+
# API Error Codes
|
217
|
+
#
|
218
|
+
# Based on draft-ietf-ldap-c-api-xx
|
219
|
+
# but with new negative code values
|
220
|
+
#
|
221
|
+
class APIError < OpenLDAP::Error # :nodoc:
|
222
|
+
end
|
223
|
+
|
224
|
+
def_ldap_exception :ServerDown, LDAP_SERVER_DOWN, OpenLDAP::APIError
|
225
|
+
def_ldap_exception :LocalError, LDAP_LOCAL_ERROR, OpenLDAP::APIError
|
226
|
+
def_ldap_exception :EncodingError, LDAP_ENCODING_ERROR, OpenLDAP::APIError
|
227
|
+
def_ldap_exception :DecodingError, LDAP_DECODING_ERROR, OpenLDAP::APIError
|
228
|
+
def_ldap_exception :Timeout, LDAP_TIMEOUT, OpenLDAP::APIError
|
229
|
+
def_ldap_exception :AuthUnknown, LDAP_AUTH_UNKNOWN, OpenLDAP::APIError
|
230
|
+
def_ldap_exception :FilterError, LDAP_FILTER_ERROR, OpenLDAP::APIError
|
231
|
+
def_ldap_exception :UserCancelled, LDAP_USER_CANCELLED, OpenLDAP::APIError
|
232
|
+
def_ldap_exception :ParamError, LDAP_PARAM_ERROR, OpenLDAP::APIError
|
233
|
+
def_ldap_exception :NoMemory, LDAP_NO_MEMORY, OpenLDAP::APIError
|
234
|
+
def_ldap_exception :ConnectError, LDAP_CONNECT_ERROR, OpenLDAP::APIError
|
235
|
+
def_ldap_exception :NotSupported, LDAP_NOT_SUPPORTED, OpenLDAP::APIError
|
236
|
+
def_ldap_exception :ControlNotFound, LDAP_CONTROL_NOT_FOUND, OpenLDAP::APIError
|
237
|
+
def_ldap_exception :NoResultsReturned, LDAP_NO_RESULTS_RETURNED, OpenLDAP::APIError
|
238
|
+
def_ldap_exception :MoreResultsToReturn, LDAP_MORE_RESULTS_TO_RETURN, OpenLDAP::APIError
|
239
|
+
def_ldap_exception :ClientLoop, LDAP_CLIENT_LOOP, OpenLDAP::APIError
|
240
|
+
def_ldap_exception :ReferralLimitExceeded, LDAP_REFERRAL_LIMIT_EXCEEDED, OpenLDAP::APIError
|
241
|
+
def_ldap_exception :XConnecting, LDAP_X_CONNECTING, OpenLDAP::APIError
|
242
|
+
|
243
|
+
|
244
|
+
end # module OpenLDAP
|
245
|
+
|
246
|
+
|